Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2005-4260
Last Modified: 05 Sep 2008 04:56:26
Published: 15 Dec 2005 06:03:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-4260

Summary

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 7.0

  • Francisco Burzi Php-nuke 7.1

  • Francisco Burzi Php-nuke 7.2

  • Francisco Burzi Php-nuke 7.3

  • Francisco Burzi Php-nuke 7.6

  • Francisco Burzi Php-nuke 7.7

  • Francisco Burzi Php-nuke 7.8

  • Francisco Burzi Php-nuke 7.9


References

BID - 15855

BUGTRAQ - 20051220 Re: XSS bypass in PHPNuke - FIX ?

BUGTRAQ - 20051214 Bypass XSS filter in PHPNUKE 7.9=>x


Last Updated: 27 May 2016 10:41:14